In January, the European Commission outlined its proposal for a radical overhaul of data protection rules in the European Union. The proposed law will increase compliance obligations, including introducing possible fines of up to 2% of global turnover for breaches. With cloud computing, instead of having data stored locally on a user's own computer, it can all be stored on Internet servers, or "in the cloud," accessed as a service on the Internet. But where "in the cloud" matters.
The EU Data Protection Directive was implemented to standardize the requirements for the protection of personal information across all the countries within the EU. More recently, the European Union has enacted legislation that restricts the use of hidden identifiers to "trace the activities of the user" on electronic communication networks, such as cookies and similar tracking devices commonly used for online behavioral advertising.
The processing of data in an unexpected country might also generally trigger jurisdictional issues over a particular cloud customer. For example, having to disclose certain data that subject to a discovery request could run afoul of privacy laws in certain jurisdictions -- forcing the cloud customer to choose between violating the law and losing their lawsuit if they don't produce the evidence.